Ransomware situation - looking for advice

My partner's employer recently had a massive ransomware attack breach their network. Everyone in the company was ordered to keep their laptops off and not log into anything that required a company email.

When my partner works from home, they use our home network (I know, I should probably have them use a guest network). There are no signs of any sort of infection on the home network and my partner knows not to turn on the computer for now.

Are there any suggestions for things I should do to double check there are no infections, or should I just keep an eye out? My assumption is that if the ransomware had gotten through to our network it would be pretty obvious (my partner's work laptop never showed any signs of infection either).

Side question - if my partner kept any sort of PII on her company's network, would best practices suggest trying to lock that down (such as freezing their credit)?

This is really hard to tell; some ransomware does try to propagate via the local network, some doesn't. It depends on a lot of factors like the OS used, whether all your devices are on the most recent security patch level, etc.

DEFINITELY put work PCs in their own network next time and configure that network so that the devices in it cannot talk to each other.


The company, no surprise, is not giving out a ton of details yet as they try to mitigate damage, so I do not have a lot of info to work with.

I got lazy. Will set up a guest network for work PCs ASAP.

Try to know which group was involved and try to determine what specific malware was used. Ask your IT? Then look for indicators of compromise on your end.

This could be useful: https://www.nomoreransom.org

It's not my employer, it's my partner's. So asking IT isn't an option. Just waiting for updates via my partner.

@user1 interesting site. I'll take a look.

If you live in the USA, UK or other states with credit scores you should freeze your credit score regardless of anything. It can somewhat prevent your address being sold to data brokers and generally prevent ID theft. You can always unblock it whenever you need to apply for something and lock it again afterwards.

You can usually get this for free if you can claim that your data was misused. Well, who isn't these days ;).


It depends on what kind of ransomware the company is dealing with and how it’s being transmitted. In any case, I suggest taking measures to protect yourself from potential identity theft and operating with increased vigilance.

Regarding identity theft, this entirely depends on where you live. Should you live in the United States, I suggest planting your flag with each of the big 3 credit bureaus, although there are other ones out there as well. Planting your flag means to create an account for your identity, since malicious actors could create an account on your behalf using your information, if no account is in place. Freeze your credit and monitor your accounts actively.

Additionally, you can lock your social security number with E-Verify: Self Lock

Regarding your opsec, your partner should double check every message and email they get, especially those with file attachments. If possible, you can also install a network monitor and other tools on your devices. For example, if you are using macOS you can take a look at Objective-See's tools, especially RansomWhere?. You can do a search for other similar tools depending on your OS.

If you haven’t conducted a backup yet, get an external HDD or SSD and run a full backup just in case anything gets through. It is relatively unlikely, since the target likely only included the company, but backing up is always a good idea.

You could also ask the company for any details on the ransomware, such as type and origin. Then you can do some research on it to figure out how you can protect yourself from it.

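Two replies above suggest looking for indicators of compromise on the home side and running a network monitor. As an added example (not code from the original thread or any tool named in it), here is a small triage script that reads connection records exported from a home router or firewall and flags the two patterns a defender most wants to see early: the work laptop opening admin or file-sharing ports (SMB, RDP, WinRM, SSH) toward other home devices, and the laptop fanning out to many home hosts in a short window. The log format, the 192.168.1.0/24 subnet, the laptop address 192.168.1.50 and the sample lines are all constructed assumptions; adapt the regex and constants to your own device's export.

```python
"""Triage home-network connection logs for lateral-movement indicators.

Assumed (hypothetical) export format, one connection per line:
    <ISO timestamp> <src_ip>:<src_port> -> <dst_ip>:<dst_port> <proto>
Adapt LINE_RE to whatever your router or firewall actually produces.
"""
import ipaddress
import re
from datetime import datetime

LAN = ipaddress.ip_network("192.168.1.0/24")          # constructed home subnet
WORK_LAPTOP = ipaddress.ip_address("192.168.1.50")    # constructed address of the work device

# Ports used for remote admin and file sharing between hosts. A work laptop has
# little legitimate reason to open these toward other *home* devices.
LATERAL_PORTS = {22: "ssh", 135: "msrpc", 139: "netbios", 445: "smb", 3389: "rdp", 5985: "winrm"}

FANOUT_THRESHOLD = 5   # distinct LAN hosts contacted ...
FANOUT_WINDOW = 60     # ... within this many seconds looks like scanning

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>[\d.]+):(?P<sport>\d+) -> (?P<dst>[\d.]+):(?P<dport>\d+) (?P<proto>\w+)$"
)


def parse_line(line):
    """Return a dict for one log line, or None if the line does not match the format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {
        "ts": datetime.fromisoformat(m["ts"]),
        "src": ipaddress.ip_address(m["src"]),
        "dst": ipaddress.ip_address(m["dst"]),
        "dport": int(m["dport"]),
        "proto": m["proto"].lower(),
    }


def triage(lines, laptop=WORK_LAPTOP, lan=LAN):
    """Return human-readable findings for traffic *from* the laptop to other LAN hosts."""
    findings = []
    contacts = []  # (timestamp, LAN host) pairs, used for the fan-out check
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["src"] != laptop:
            continue  # inbound traffic and other hosts are out of scope here
        if rec["dst"] not in lan or rec["dst"] == laptop:
            continue  # internet-bound traffic is expected; only LAN-to-LAN matters
        contacts.append((rec["ts"], rec["dst"]))
        if rec["dport"] in LATERAL_PORTS:
            findings.append(
                f"{rec['ts'].isoformat()} {laptop} -> {rec['dst']}:{rec['dport']} "
                f"({LATERAL_PORTS[rec['dport']]})"
            )

    # Fan-out: many distinct home hosts contacted inside a short window.
    contacts.sort()
    for i, (t0, _) in enumerate(contacts):
        window = {dst for ts, dst in contacts[i:] if (ts - t0).total_seconds() <= FANOUT_WINDOW}
        if len(window) >= FANOUT_THRESHOLD:
            findings.append(
                f"{t0.isoformat()} {laptop} contacted {len(window)} LAN hosts within {FANOUT_WINDOW}s"
            )
            break
    return findings


# Constructed sample: ordinary web and DNS traffic, then an SMB/RDP sweep of the
# home LAN. The final line is another device contacting the laptop and is ignored.
SAMPLE_LOG = """
2024-05-01T09:00:01 192.168.1.50:51000 -> 203.0.113.10:443 tcp
2024-05-01T09:00:05 192.168.1.50:51001 -> 192.168.1.1:53 udp
2024-05-01T09:01:10 192.168.1.50:51002 -> 192.168.1.20:445 tcp
2024-05-01T09:01:11 192.168.1.50:51003 -> 192.168.1.21:445 tcp
2024-05-01T09:01:12 192.168.1.50:51004 -> 192.168.1.22:445 tcp
2024-05-01T09:01:13 192.168.1.50:51005 -> 192.168.1.23:445 tcp
2024-05-01T09:01:14 192.168.1.50:51006 -> 192.168.1.24:3389 tcp
2024-05-01T09:05:00 192.168.1.30:40000 -> 192.168.1.50:445 tcp
"""

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG.strip().splitlines()):
        print(finding)
```

On the sample the script reports four SMB connections, one RDP connection and one fan-out event (five home hosts inside a minute). Seeing nothing is not proof of a clean network, but seeing these patterns from a work laptop during an incident at the employer is a strong reason to isolate that device and tell the company's IT team what you observed. Putting the laptop on a client-isolated guest network, as suggested earlier in the thread, removes the LAN-to-LAN path this script looks for.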

@ph00lt0 I actually keep my credit frozen most of the time. Been a habit of mine since I realized those credit monitoring companies constantly get breached. I also froze my partner's credit. Great advice.

Never heard of this, I had only ever used E-Verify as an employer. I'll check it out.

Although my partner is not very technically savvy, they are actually well trained at not downloading attachments they do not recognize, and as a function of their job they do not usually download or go to unknown websites, which at least mitigates some risk.

I know the company is doing full scans of every computer before allowing anyone to use any program that required company credentials (such as email or teams).


Why does she do work on a private device?

They don't. It's a work-issued laptop. I was lazy and allowed it on our home network instead of a guest network though.